What is SMB Port and Port Number? Which Protocol Uses Port 445 and Port 139?

Server Message Blocks name shortcut SMB . SMB is a protocol used by Windows Operating systems. SMB provides a lot of windows operating system related services over the network. SMB mainly used for file sharing. In general SMB protocol is used for inter-process communication between the same host processes or remove host processes.

SMB Port 139 or 445

Newcomers to the Windows ecosystem generally confuses port numbers of SMB. SMB service is provided over two ports.

TCP port 139 is SMB over NETBIOS. NETBIOS is a transport layer protocol designed to use in Windows operating systems over the network.

TCP 445 is SMB over IP. This is a newer version where SMB can be consumed normally over the IP networks.

Check If Port 137,138,139 and 445 Is Open

If we want to check the ports 137,138,139 and 445 whether they are open we can use netstat command. This list open ports with TCP and UDP protocols.

Check If Port 137,138,139 and 445 Is Open

As we can see from the example the TCP 445 is open and listening mode which means this system will accept connections to the 445 port.

SMB Over Netbios

Actually Netbios protocol works in TCP 139 and UDP 137 and UDP 138. So if we have a secure network that prevents access to the remote hosts we should add firewall allow TCP and UDP 137-139 rule. As an example, we should provide the NetBIOS hostname which is generally the same with DNS/DHCP provided hostname. In this example, we will connect remote share named backup which is provided by host

\\srv1\backup

here we should provide the hostname where NetBIOS can find and connect remote system.

SMB Over IP

SMB over IP is a newer implementation of SMB. We do not need extra intermediate protocols like Netbios in this implementation. We can use SMB directly. As an example, we can use IP addresses in order to use SMB like file sharing.

\\192.168.1.10\backup

is sufficient to connect remote SMB share and port over the network.

SMB Over IP

Security

As the Windows operating system and its protocols are the main targets for attackers we may need to create countermeasures for attacks. There are threads like

NetBIOS worms which can swarm silently over network

`PsExec` is a tool that is used to remotely manage windows systems.

`SMB Vulnerabilities` provides a thread for the systems.

We can prevent these threads by preventing SMB port access between networks or server groups which is not needed.

SMB1, SMB2, SMB3

SMB protocol has 3 versions where SMBv3 is the latest. Where SMB1 is supporting Netbios, SMB2 and SMB3 is only supported over IP which is TCP 445

Operating System Support

While SMB is created by IBM is mainly developed by Microsoft. SMB is an open protocol which means other platforms can implement SMB freely. Linux supports the SMB protocol too.